General

  • Target

    c2110e85ca4b04d8b191823d74c7b89d2ac1c339340df25c4bc23a1ef8cb55a5.elf

  • Size

    5.1MB

  • Sample

    241109-d35tfayrgm

  • MD5

    86bb8faea996492c43f67dbe4c0f3bd7

  • SHA1

    0c2e3cc38c1770fe65ca4a28feb254fdbbe5d5b1

  • SHA256

    c2110e85ca4b04d8b191823d74c7b89d2ac1c339340df25c4bc23a1ef8cb55a5

  • SHA512

    dda73408ff0d14050d23b7e9eb732599de018dd16d9e603812e0d17811847790e0fbde1fcacdd0f21c7df9af223081e10b1471d74172c8a99322045c813736ff

  • SSDEEP

    98304:8cSBHdgN2a7JP97kJru8cYWPAXqWu+60:8cS03eu+6

Malware Config

Extracted

  • Family

    kaiji

  • C2

    154.201.84.237:7850

Targets

    • Target

      c2110e85ca4b04d8b191823d74c7b89d2ac1c339340df25c4bc23a1ef8cb55a5.elf

    • Renames multiple (1004) files with added filename extension

      Sandbox heuristic: appending an extension to a large number of files is the trace left by file-encrypting ransomware. The signature is inferred from the rename events alone and does not prove that file contents were encrypted; Kaiji is known as a Go-written Linux DDoS bot rather than ransomware, so confirm that the renamed files' contents actually changed before treating this as encryption.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog (typically by opening /dev/watchdog and issuing the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD, or by killing the watchdog daemon) so that the device is not automatically rebooted while the bot starves it of resources.

    • Creates/modifies Cron job

      Cron runs commands on a schedule (system crontab, /etc/cron.d, per-user crontabs) and is a common persistence mechanism; an entry that relaunches the payload every minute also restarts it if the process is killed.

    • Creates/modifies environment variables

      Environment variables only persist when written into startup files (profile, .bashrc, unit files); variables such as PATH or LD_PRELOAD can then redirect later program launches to the malware, so check where the variable is set and what consumes it.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies init.d

      Adds or modifies a SysV init script under /etc/init.d, likely for persistence across reboots.

    • Modifies systemd

      Adds or modifies systemd service unit files, likely to achieve persistence across reboots.

    • Write file to user bin folder

      Drops an executable into a bin directory on PATH (typically /usr/bin, /usr/local/bin or ~/bin) so it can be launched by name from the persistence entries above.

    • Modifies Bash startup script

      Appends to a Bash startup file (typically ~/.bashrc, ~/.profile or /etc/profile) so the payload is executed on each interactive login.
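The mass-rename signature above is an inference from file-system events, and its caveat is that it cannot see whether file contents changed. The following is an added example, not code from the sandbox or from the Kaiji sample: it clusters rename events by appended extension and checks each cluster for content change and byte entropy, separating encryption from cosmetic renaming. The 100-file cluster threshold, the 7.5-bit entropy cut-off, and the constructed rename log with its paths are assumptions.

```python
import hashlib
import math
import os
from collections import Counter

# Lower bound on renames sharing one appended extension before a cluster is
# judged. The report's signature fired on 1004 files; this value is an assumed
# tuning knob, not taken from the sandbox.
MIN_CLUSTER = 100
# Byte entropy (bits per byte) above which rewritten content is treated as
# ciphertext-like. Assumed threshold; encrypted or compressed data sits near 8.0.
HIGH_ENTROPY = 7.5


def added_suffix(old, new):
    """Return the extension appended to `old` to produce `new`, or None.

    '/a/report.docx' -> '/a/report.docx.locked' yields '.locked'. A move to
    another directory, or a rename that does not keep the old name as prefix,
    is not counted: the signature is specifically about appended extensions.
    """
    old_dir, old_name = os.path.split(old)
    new_dir, new_name = os.path.split(new)
    if old_dir != new_dir or not new_name.startswith(old_name):
        return None
    suffix = new_name[len(old_name):]
    return suffix if suffix.startswith(".") and len(suffix) > 1 else None


def shannon_entropy(data):
    """Bits per byte of `data` (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(events):
    """Group rename events by appended extension and judge each cluster.

    Each event is a dict with keys old, new, before, after: the two paths and
    the file bytes before and after the rename. Returns {suffix: verdict}.
    """
    total, changed, ciphertext_like = Counter(), Counter(), Counter()
    for ev in events:
        suffix = added_suffix(ev["old"], ev["new"])
        if suffix is None:
            continue
        total[suffix] += 1
        if ev["before"] != ev["after"]:
            changed[suffix] += 1
            if shannon_entropy(ev["after"]) >= HIGH_ENTROPY:
                ciphertext_like[suffix] += 1
    verdicts = {}
    for suffix, n in total.items():
        if n < MIN_CLUSTER:
            verdicts[suffix] = "below cluster threshold"
        elif changed[suffix] == 0:
            verdicts[suffix] = "mass rename, contents unchanged: not encryption"
        elif ciphertext_like[suffix] >= 0.9 * changed[suffix]:
            verdicts[suffix] = "mass rename with high-entropy rewrite: consistent with encryption"
        else:
            verdicts[suffix] = "mass rename with low-entropy content change: inspect manually"
    return verdicts


def _pseudo_ciphertext(seed, size=4096):
    """Deterministic high-entropy filler standing in for encrypted output (constructed)."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(b"%s:%d" % (seed.encode(), counter)).digest()
        counter += 1
    return out[:size]


def demo():
    """Constructed rename log: 200 encrypted-looking files, 150 cosmetic renames, 3 strays."""
    plain = b"quarterly figures, revision 3\n" * 100
    events = []
    for i in range(200):  # contents replaced by ciphertext-like bytes, '.locked' appended
        events.append({"old": f"/home/user/docs/f{i}.txt", "new": f"/home/user/docs/f{i}.txt.locked",
                       "before": plain, "after": _pseudo_ciphertext(f"f{i}")})
    for i in range(150):  # log rotation style rename, contents untouched
        events.append({"old": f"/var/log/app/log{i}", "new": f"/var/log/app/log{i}.bak",
                       "before": plain, "after": plain})
    for i in range(3):  # too few to form a cluster
        events.append({"old": f"/tmp/x{i}", "new": f"/tmp/x{i}.tmp", "before": plain, "after": plain})
    return classify(events)


if __name__ == "__main__":
    for suffix, verdict in sorted(demo().items()):
        print(f"{suffix:10s} {verdict}")
```

Feed it real before/after snapshots (for example from a sandbox's file-system diff) and only the cluster whose contents were rewritten to high-entropy data supports the encryption reading; a cluster whose bytes are unchanged is a rename, whatever the sandbox heuristic says.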

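Cron, init.d, systemd, the bin directories and Bash startup scripts are the persistence locations named in the signatures above. Below is an added host-triage script, not part of the report or of the malware, that audits those locations for entries modified within a time window or referencing a recently modified binary in a bin directory; the cross-reference is what separates a dropped payload wired into persistence from a routine package update. The location lists, the seven-day window, and the constructed demo filesystem (including the name dropped_bin) are assumptions.

```python
import os
import re
import tempfile
import time

# Locations the persistence signatures point at, relative to the audited root.
# Assumed defaults for common distributions, not taken from the sandbox output.
CRON_PATHS = ["etc/crontab", "etc/cron.d", "etc/cron.hourly", "etc/cron.daily",
              "var/spool/cron", "var/spool/cron/crontabs"]
INIT_PATHS = ["etc/init.d"]
SYSTEMD_PATHS = ["etc/systemd/system", "usr/lib/systemd/system", "lib/systemd/system"]
BASH_PATHS = ["etc/profile", "etc/profile.d", "etc/bash.bashrc",
              "root/.bashrc", "root/.profile", "root/.bash_profile"]
BIN_PATHS = ["bin", "usr/bin", "usr/local/bin", "root/bin"]

# Absolute paths embedded in a line (cron command, ExecStart=, shell call).
ABS_PATH = re.compile(r"(?<![\w./-])/(?:[\w.-]+/)*[\w.-]+")


def _files_under(root, rel_paths):
    """Yield (logical_path, real_path) for regular files at or below each location."""
    for rel in rel_paths:
        real = os.path.join(root, rel)
        if os.path.isfile(real):
            yield "/" + rel, real
        elif os.path.isdir(real):
            for dirpath, _, names in os.walk(real):
                for name in names:
                    p = os.path.join(dirpath, name)
                    if os.path.isfile(p):
                        yield "/" + os.path.relpath(p, root), p


def _user_bash_files(root):
    """Per-user Bash startup files under /home/*."""
    home = os.path.join(root, "home")
    users = os.listdir(home) if os.path.isdir(home) else []
    return [os.path.join("home", u, f) for u in users
            for f in (".bashrc", ".profile", ".bash_profile", ".bash_login")]


def audit(root="/", now=None, window=7 * 86400):
    """Return sorted (category, path, reason) tuples.

    Binaries in BIN_PATHS modified within `window` seconds of `now` are listed,
    and every cron/init.d/systemd/Bash-startup file is listed when it was itself
    modified in that window or when it references one of those recent binaries.
    """
    now = time.time() if now is None else now

    def recent(real):
        return now - os.stat(real).st_mtime <= window

    findings, recent_bins = [], set()
    for logical, real in _files_under(root, BIN_PATHS):
        if recent(real):
            recent_bins.add(logical)
            findings.append(("bin", logical, "binary modified within window"))
    checks = [("cron", CRON_PATHS), ("init.d", INIT_PATHS), ("systemd", SYSTEMD_PATHS),
              ("bash", BASH_PATHS + _user_bash_files(root))]
    for category, rels in checks:
        for logical, real in _files_under(root, rels):
            reasons = ["entry modified within window"] if recent(real) else []
            try:
                with open(real, errors="replace") as fh:
                    refs = sorted(set(ABS_PATH.findall(fh.read())) & recent_bins)
            except OSError:
                continue
            if refs:
                reasons.append("references recent binary " + ", ".join(refs))
            if reasons:
                findings.append((category, logical, "; ".join(reasons)))
    return sorted(findings)


def build_demo_tree(base, now):
    """Constructed sample filesystem: old benign files plus a fresh dropped binary
    wired into cron, init.d, systemd and root's .bashrc. All names are made up."""
    old, fresh = now - 90 * 86400, now - 600

    def put(rel, content, mtime, mode=0o644):
        real = os.path.join(base, rel)
        os.makedirs(os.path.dirname(real), exist_ok=True)
        with open(real, "w") as fh:
            fh.write(content)
        os.chmod(real, mode)
        os.utime(real, (mtime, mtime))

    put("usr/bin/ls", "#!/bin/sh\n", old, 0o755)
    put("etc/crontab", "17 * * * * root cd / && run-parts --report /etc/cron.hourly\n", old)
    put("etc/profile", "export PATH=/usr/local/bin:/usr/bin:/bin\n", old)
    put("usr/bin/dropped_bin", "\x7fELF (constructed placeholder)\n", fresh, 0o755)
    put("etc/cron.d/sysupdate", "* * * * * root /usr/bin/dropped_bin\n", fresh)
    put("etc/init.d/sysupdate", "#!/bin/sh\n/usr/bin/dropped_bin &\n", fresh, 0o755)
    put("etc/systemd/system/sysupdate.service",
        "[Service]\nExecStart=/usr/bin/dropped_bin\n[Install]\nWantedBy=multi-user.target\n", fresh)
    put("root/.bashrc", "alias ll='ls -l'\n/usr/bin/dropped_bin &\n", fresh)


def demo():
    """Audit the constructed tree and return its findings."""
    now = time.time()
    with tempfile.TemporaryDirectory() as base:
        build_demo_tree(base, now)
        return audit(base, now=now)


if __name__ == "__main__":
    for category, path, reason in demo():
        print(f"[{category:8s}] {path}: {reason}")
```

Run `audit("/")` on a live host, or `audit("/mnt/image")` against a mounted disk image, and review anything that both changed recently and points at a recently written binary; the old benign crontab and profile in the demo tree are deliberately left unreported.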